attacks

Vulnerabilities

Issued by: Security Week

Generally considered secure, VS Code extensions could expose millions of developers to malicious attacks, potentially leading to the compromise of information stored on developer machines, such as credentials, or even opening the route to further attacks. Snyk’s security researchers analyzed popular VS Code extensions that start web servers, which are typically accessible locally via a…

Software Security

Issued by: Security Week

The London, United Kingdom-based company leverages machine learning to prevent attacks that rely on email and social engineering. It describes its solution as “human layer security.” The company builds behavioral models for all employees and uses them to automatically detect security threats. Furthermore, by notifying employees of these issues, it aims to help improve individual…

Vulnerabilities

Issued by: Dark Reading

The ubiquitous Wi-Fi standard has at least three design flaws that allow a local attacker to intercept and exfiltrate wireless traffic, while additional implementation flaws enable more serious attacks for some wireless traffic, a well-known security researcher revealed this week. The design flaws in the IEEE 802.11 standard — more commonly known as Wi-Fi —…

Network Security

Issued by: Security Week

Three new security advisories have been published, including two that cover high-severity vulnerabilities that can be exploited remotely. The advisories describing the vulnerabilities were made public on April 28, but some organizations were privately notified in advance. The most serious of the flaws — based on its CVSS score of 8.1 — is CVE-2021-25216, a…

Vulnerabilities

Issued by: Security Week

Tracked as CVE-2021-1448 and having a CVSS score of 7.8, the command injection bug is mitigated by the fact that authentication and local access are required for successful exploitation. An attacker able to abuse it, however, may execute arbitrary commands as root on the underlying OS. The flaw exists because user-supplied command arguments aren’t sufficiently…

Malware & Threats

Issued by: Security Week

Attacks against the supply chain have been growing in quantity and gravity for several years, culminating in SolarWinds. Most discussion has focused on the software supply chain, but a new study shows that the physical logistics supply chain is equally subject, and susceptible, to cyberattacks. The Covid-19 pandemic has increased and highlighted the world’s reliance…

Vulnerabilities

Issued by: Security Week

After a wave of major in-the-wild zero-day attacks against Exchange Server installations that occurred globally in January, savvy organizations scrambled to lock down vulnerable Microsoft email servers and remove web shells that were installed by attackers. In early attacks observed by Microsoft, attackers were able to exploit a series of vulnerabilities to access on-premises Exchange…